[squid-users] Timeouts/browser hang with "autodetect proxy"

From: Brian Riffle <riffle@dont-contact.us>
Date: Thu, 08 Mar 2007 14:40:40 -0800

I am having an issue with timeouts using squid with both IE and
Firefox when using "auto detect proxy" When I am autodetecting the
proxy server, if I type in an invalid domain name (like google.comm,
or googlec.om, etc) it will take upwards of 20 seconds to timeout, and
give me the squid error page that the domain does not exist. During
this time, the browser completely locks up, and is unusable. However,
during my troubleshooting, I have noticed that if I manually set the
proxy settings in the browsers (with the same rules and execptions as
the proxy.pac and wpad.dat files, the timeout does not happen. The
browser does not lock up, and the "domain does not exist" squid error
page shows almost instantly. Unfortunately, due to people that travel
on the road, manually setting the Proxy is a problem prone thing, as
their browsers don't want to work "on the road" unless they connect to
our VPN. I have seen many other posts about the long timeouts before,
but never a good resolution. I was wondering if Anyone could point me
towards a fix, or if I have errors in my file.

We are using squid-2.5.STABLE6-3, on Redhat EL 4.0 (this is the most
up-to-date package RedHat offers.)

Thank you...

Our Auto Proxy config file:

   function FindProxyForURL(url, host)
   // Our domain, and students are on our side of the proxy
   // if it's one of our internal sites, don't proxy it
      if (shExpMatch(url, "*.ourdomain.edu/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.olddomain.us/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.students/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.amazon.com/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.enterprise.com/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.alaskaair.com/*")) {return
"DIRECT";}
      if (shExpMatch(url, "127.0.0.1/*")) {return "DIRECT";}

   // for some reason, ports must be specified separately
      if (shExpMatch(url, "*.ourdomain.edu:*/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.olddomain.us:*/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.students:*/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.amazon.com:*/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.enterprise.com:*/*")) {return "DIRECT";}
      if (shExpMatch(url, "*.alaskaair.com:*/*")) {return "DIRECT";}
      if (shExpMatch(url, "127.0.0.1:*/*")) {return "DIRECT";}

   // for some reason, we had to define IP address ranges too
   // anything else in the 10.*.*.* range is on our side of the proxy
   // we have web servers residing on the following networks
      if (isInNet(host, "192.168.5.0", "255.255.255.0")) {return
"DIRECT";}
      if (isInNet(host, "192.168.42.0", "255.255.255.0")) {return
"DIRECT";}
      if (isInNet(host, "192.168.43.0", "255.255.255.0")) {return
"DIRECT";}
      if (isInNet(host, "my.ip.range.0", "255.255.255.0"))
{return "DIRECT";}
      if (isInNet(host, "192.168.2.0", "255.255.255.0")) {return
"DIRECT";}
      if (isInNet(host, "192.168.4.0", "255.255.255.0")) {return
"DIRECT";}
      if (isInNet(host, "1.1.1.1", "255.255.255.0")) {return
"DIRECT";}
      if (isInNet(host, "127.0.0.1", "255.255.255.0")) {return
"DIRECT";}

   // anything specified by a one-word URL is on our side of the proxy
      if (isPlainHostName(host)) {return "DIRECT";}

   // if we've fallen through to this point, it must be an external

address
      return "PROXY proxy.ourdomain.edu:3128";
   }

-- 
Brian Riffle
System and Network Administrator
Klamath Community College
7390 South 6th St
Klamath Falls, OR 97603
Phone 	541.880.2245
Fax	541.885.7758
Received on Thu Mar 08 2007 - 15:40:48 MST

This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:01 MDT